CVE-2019-13509 (GCVE-0-2019-13509)
Vulnerability from cvelistv5 – Published: 2019-07-18 15:34 – Updated: 2024-08-04 23:57- n/a
| URL | Tags |
|---|---|
| https://docs.docker.com/engine/release-notes/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/109253 | vdb-entry, x_refsource_BID |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://security.netapp.com/advisory/ntap-2019082… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| https://www.debian.org/security/2019/dsa-4521 | vendor-advisory, x_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Sep/21 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.docker.com/engine/release-notes/"
},
{
"name": "109253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109253"
},
{
"name": "FEDORA-2019-5b54793a4a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"
},
{
"name": "FEDORA-2019-4bed83e978",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
},
{
"name": "openSUSE-SU-2019:2021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"name": "DSA-4521",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4521"
},
{
"name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T17:06:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.docker.com/engine/release-notes/"
},
{
"name": "109253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109253"
},
{
"name": "FEDORA-2019-5b54793a4a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"
},
{
"name": "FEDORA-2019-4bed83e978",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
},
{
"name": "openSUSE-SU-2019:2021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"name": "DSA-4521",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4521"
},
{
"name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.docker.com/engine/release-notes/",
"refsource": "MISC",
"url": "https://docs.docker.com/engine/release-notes/"
},
{
"name": "109253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109253"
},
{
"name": "FEDORA-2019-5b54793a4a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"
},
{
"name": "FEDORA-2019-4bed83e978",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190828-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
},
{
"name": "openSUSE-SU-2019:2021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"name": "DSA-4521",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4521"
},
{
"name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13509",
"datePublished": "2019-07-18T15:34:59.000Z",
"dateReserved": "2019-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:57:39.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-13509",
"date": "2026-06-04",
"epss": "0.0152",
"percentile": "0.81575"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-13509\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-07-18T16:15:11.953\",\"lastModified\":\"2024-11-21T04:25:02.213\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.\"},{\"lang\":\"es\",\"value\":\"En Docker CE y EE antes de 18.09.8 (as\u00ed como en Docker EE antes de 17.06.2-ee-23 y 18.x antes de 18.03.1-ee-10), Docker Engine en modo de depuraci\u00f3n a veces puede agregar secretos al registro de depuraci\u00f3n. . Esto se aplica a un escenario en el que la implementaci\u00f3n de la pila de la ventana acoplable se ejecuta para volver a implementar una pila que incluye secretos (no externos). 
Potencialmente se aplica a otros usuarios de API de la API de pila si reenv\u00edan el secreto.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"18.09.0\",\"versionEndExcluding\":\"18.09.8\",\"matchCriteriaId\":\"4D022DE6-8533-4360-8F03-B210E63B31AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.03.2:1:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"3A35124F-EC46-4CFC-A2A2-893AC0063AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.03.2:2:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"2C1A46D9-A718-4944-8A51-AA576665A3AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:1
7.03.2:3:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"343474A5-E102-4DC1-B11E-F7EB93B8BD34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.03.2:4:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"DF245918-BDC1-4DF8-AEDA-752B4530F634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.03.2:5:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"97E72881-8988-4931-AA78-1E998D03A37B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.03.2:6:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"5ADC31D5-B913-428A-9F7A-5E85349FC5CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.03.2:7:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"C48F0193-894D-4B64-8301-884EBB1DDE8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.03.2:8:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"4D2262C9-231A-4978-88EF-B59267B5F5CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:1:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"E03D470E-5C28-4935-8ECA-62EED8629889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:10:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"032171DB-4D2A-4691-95E2-DC5791DE1F9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:11:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"92852E25-5EE1-477F-BAB9-735DA676F950\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:12:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"86BD817A-3BED-46A1-A047-6531D495F05C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:13:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"AC6A6285-12CC-4591-B722-AA5943915696\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:15:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"0B487089-A678-4306-AF75-DBC792A23BCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:16:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"45FEBF98-DE0E-4F78-B9A4-7BCB9F4202C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:
2.3:a:docker:docker:17.06.2:17:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"26D5DFE0-ED60-448B-92C7-4A06611755AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:18:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"296CC9ED-9AF2-41AE-93CF-4B8C94CE7743\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:19:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"0178061A-1909-4E39-BF20-3BFD9E8BF22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:2:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"444A75C4-8331-46B3-A056-C4944DF3D792\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:20:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"EAF2CFD3-63EB-4DBC-B7A0-BA8858F51F29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:21:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"4CAEE8A8-337B-406B-9AF0-2538D54F1514\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:22:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"E5CBCA34-6BC1-4069-A12D-78DCA5F06BFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:3:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"43BA9F49-85B3-47BD-ABA5-08A234EEDFBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:4:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"FBE59DD2-4AD2-4FC9-B5B0-2DD2E4DA219E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:5:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"D613D8B1-3608-40B5-ACDA-D0EC0B152F9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:6:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"1B9A48AB-A032-4911-928F-6D86B86FB847\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:7:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"3A86A73A-CAEC-483A-8C42-D1EC88B1A848\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:8:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"8CB75426-B766-48EC-A681-A82747737276\"},{\"vulnerable\":tru
e,\"criteria\":\"cpe:2.3:a:docker:docker:17.06.2:9:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"42195FEA-1D74-42B2-9212-DF162E0470AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:18.03.1:1:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"53935883-E828-40A7-83F4-7218542A401C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:18.03.1:2:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"FB720999-4540-487B-9133-32C85026836B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:18.03.1:3:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"CBEA8855-C9FE-4301-ADAF-993874DDF7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:18.03.1:4:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"353070E6-89AD-40C4-9A45-AF993DE52BF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:18.03.1:5:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"D4541E93-762A-40DF-B596-A5F359049C0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:18.03.1:6:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"987118D7-6803-4E11-A184-34FC82E9AF1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:18.03.1:7:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"97EFE5E1-6623-44A6-8AA7-A7E30955B513\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:18.03.1:8:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"BF61D0BA-5F95-4E92-8D81-5BE5FA59FF61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:18.03.1:9:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"DD629561-32BD-4C9D-A38B-063554DCA827\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*\",\"versionEndExcluding\":\"18.09.8\",\"matchCriteriaId\":\"82A26E20-E07A-4229-907C-2FAF03AD50A3\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/109253\",\"source\":\"cve@mitre.or
g\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.docker.com/engine/release-notes/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Sep/21\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190828-0003/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4521\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/109253\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.docker.com/engine/release-notes/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Sep/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190828-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
cleanstart-2026-td34476
Vulnerability from cleanstart
Multiple security vulnerabilities affect the docker package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "docker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.1.5-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the docker package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-TD34476",
"modified": "2026-02-03T13:35:45Z",
"published": "2026-02-06T00:51:29.459800Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-TD34476"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-13509"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-14271"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13401"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41089"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-29526"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26054"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23650"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23651"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23652"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23653"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-24557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-41110"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13509"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14271"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13401"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26054"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23650"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23651"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23652"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23653"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41110"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Moby is an open-source project created by Docker for software containerization",
"upstream": [
"CVE-2019-13509",
"CVE-2019-14271",
"CVE-2020-13401",
"CVE-2021-21285",
"CVE-2021-41089",
"CVE-2022-29526",
"CVE-2023-26054",
"CVE-2024-23650",
"CVE-2024-23651",
"CVE-2024-23652",
"CVE-2024-23653",
"CVE-2024-24557",
"CVE-2024-41110"
]
}
cleanstart-2026-xl45869
Vulnerability from cleanstart
Multiple security vulnerabilities affect the docker-fips package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "docker-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.1.5-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the docker-fips package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-XL45869",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T16:57:56.432971Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-XL45869.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-13509"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-14271"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13401"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41089"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-29526"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26054"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23650"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23651"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23652"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23653"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-24557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-41110"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13509"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14271"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13401"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26054"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23650"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23651"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23652"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23653"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41110"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Moby is an open-source project created by Docker for software containerization",
"upstream": [
"CVE-2019-13509",
"CVE-2019-14271",
"CVE-2020-13401",
"CVE-2021-21285",
"CVE-2021-41089",
"CVE-2022-29526",
"CVE-2023-26054",
"CVE-2024-23650",
"CVE-2024-23651",
"CVE-2024-23652",
"CVE-2024-23653",
"CVE-2024-24557",
"CVE-2024-41110"
]
}
cleanstart-2026-yb44027
Vulnerability from cleanstart
Multiple security vulnerabilities affect the docker-fips package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "docker-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.1.5-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the docker-fips package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-YB44027",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T17:04:26.396860Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YB44027.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-13509"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-14271"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13401"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41089"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-29526"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26054"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23650"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23651"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23652"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23653"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-24557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-41110"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13509"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14271"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13401"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26054"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23650"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23651"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23652"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23653"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41110"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Moby is an open-source project created by Docker for software containerization",
"upstream": [
"CVE-2019-13509",
"CVE-2019-14271",
"CVE-2020-13401",
"CVE-2021-21285",
"CVE-2021-41089",
"CVE-2022-29526",
"CVE-2023-26054",
"CVE-2024-23650",
"CVE-2024-23651",
"CVE-2024-23652",
"CVE-2024-23653",
"CVE-2024-24557",
"CVE-2024-41110"
]
}
cleanstart-2026-zm20570
Vulnerability from cleanstart
Multiple security vulnerabilities affect the docker package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "docker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.1.5-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the docker package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-ZM20570",
"modified": "2026-02-03T13:35:45Z",
"published": "2026-02-06T00:54:29.621254Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-ZM20570.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-13509"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-14271"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-13401"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41089"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-29526"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26054"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23650"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23651"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23652"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23653"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-24557"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-41110"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13509"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14271"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13401"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26054"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23650"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23651"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23652"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23653"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41110"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Moby is an open-source project created by Docker for software containerization",
"upstream": [
"CVE-2019-13509",
"CVE-2019-14271",
"CVE-2020-13401",
"CVE-2021-21285",
"CVE-2021-41089",
"CVE-2022-29526",
"CVE-2023-26054",
"CVE-2024-23650",
"CVE-2024-23651",
"CVE-2024-23652",
"CVE-2024-23653",
"CVE-2024-24557",
"CVE-2024-41110"
]
}
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://docs.docker.com/engine/release-notes/
| Name | ['Docker Docker-CE <18.09.8', 'Docker Docker-EE <18.09.8', 'Docker Docker-EE <17.06.2-ee-23', 'Docker Docker-EE <18.*,<18.03.1-ee-10'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-13509"
}
},
"description": "Docker\u662f\u7f8e\u56fdDocker\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5e94\u7528\u5bb9\u5668\u5f15\u64ce\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u5728Linux\u7cfb\u7edf\u4e0a\u521b\u5efa\u4e00\u4e2a\u5bb9\u5668\uff08\u8f7b\u91cf\u7ea7\u865a\u62df\u673a\uff09\u5e76\u90e8\u7f72\u548c\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f\uff0c\u4ee5\u53ca\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u7684\u81ea\u52a8\u5316\u5b89\u88c5\u3001\u90e8\u7f72\u548c\u5347\u7ea7\u3002\n\nDocker CE\u548cEE\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8c03\u8bd5\u6a21\u5f0f\u4e0b\u7684Docker Engine\u4f1a\u5c06\u654f\u611f\u4fe1\u606f\u6dfb\u52a0\u5230\u8c03\u8bd5\u65e5\u5fd7\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002",
"discovererName": "Docker",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://docs.docker.com/engine/release-notes/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-29136",
"openTime": "2019-08-28",
"patchDescription": "Docker\u662f\u7f8e\u56fdDocker\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5e94\u7528\u5bb9\u5668\u5f15\u64ce\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u5728Linux\u7cfb\u7edf\u4e0a\u521b\u5efa\u4e00\u4e2a\u5bb9\u5668\uff08\u8f7b\u91cf\u7ea7\u865a\u62df\u673a\uff09\u5e76\u90e8\u7f72\u548c\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f\uff0c\u4ee5\u53ca\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u7684\u81ea\u52a8\u5316\u5b89\u88c5\u3001\u90e8\u7f72\u548c\u5347\u7ea7\u3002\r\n\r\nDocker CE\u548cEE\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8c03\u8bd5\u6a21\u5f0f\u4e0b\u7684Docker Engine\u4f1a\u5c06\u654f\u611f\u4fe1\u606f\u6dfb\u52a0\u5230\u8c03\u8bd5\u65e5\u5fd7\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Docker CE\u548cEE\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Docker Docker-CE \u003c18.09.8",
"Docker Docker-EE \u003c18.09.8",
"Docker Docker-EE \u003c17.06.2-ee-23",
"Docker Docker-EE \u003c18.*\uff0c\u003c18.03.1-ee-10"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-13509",
"serverity": "\u4e2d",
"submitTime": "2019-07-22",
"title": "Docker CE\u548cEE\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
FKIE_CVE-2019-13509
Vulnerability from fkie_nvd - Published: 2019-07-18 16:15 - Updated: 2024-11-21 04:25

| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/109253 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://docs.docker.com/engine/release-notes/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/ | ||
| cve@mitre.org | https://seclists.org/bugtraq/2019/Sep/21 | ||
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20190828-0003/ | ||
| cve@mitre.org | https://www.debian.org/security/2019/dsa-4521 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109253 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.docker.com/engine/release-notes/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Sep/21 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190828-0003/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4521 |
| Vendor | Product | Version | |
|---|---|---|---|
| docker | docker | * | |
| docker | docker | 17.03.2 | |
| docker | docker | 17.03.2 | |
| docker | docker | 17.03.2 | |
| docker | docker | 17.03.2 | |
| docker | docker | 17.03.2 | |
| docker | docker | 17.03.2 | |
| docker | docker | 17.03.2 | |
| docker | docker | 17.03.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 17.06.2 | |
| docker | docker | 18.03.1 | |
| docker | docker | 18.03.1 | |
| docker | docker | 18.03.1 | |
| docker | docker | 18.03.1 | |
| docker | docker | 18.03.1 | |
| docker | docker | 18.03.1 | |
| docker | docker | 18.03.1 | |
| docker | docker | 18.03.1 | |
| docker | docker | 18.03.1 | |
| docker | docker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "4D022DE6-8533-4360-8F03-B210E63B31AB",
"versionEndExcluding": "18.09.8",
"versionStartIncluding": "18.09.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.03.2:1:*:*:enterprise:*:*:*",
"matchCriteriaId": "3A35124F-EC46-4CFC-A2A2-893AC0063AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.03.2:2:*:*:enterprise:*:*:*",
"matchCriteriaId": "2C1A46D9-A718-4944-8A51-AA576665A3AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.03.2:3:*:*:enterprise:*:*:*",
"matchCriteriaId": "343474A5-E102-4DC1-B11E-F7EB93B8BD34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.03.2:4:*:*:enterprise:*:*:*",
"matchCriteriaId": "DF245918-BDC1-4DF8-AEDA-752B4530F634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.03.2:5:*:*:enterprise:*:*:*",
"matchCriteriaId": "97E72881-8988-4931-AA78-1E998D03A37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.03.2:6:*:*:enterprise:*:*:*",
"matchCriteriaId": "5ADC31D5-B913-428A-9F7A-5E85349FC5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.03.2:7:*:*:enterprise:*:*:*",
"matchCriteriaId": "C48F0193-894D-4B64-8301-884EBB1DDE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.03.2:8:*:*:enterprise:*:*:*",
"matchCriteriaId": "4D2262C9-231A-4978-88EF-B59267B5F5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:1:*:*:enterprise:*:*:*",
"matchCriteriaId": "E03D470E-5C28-4935-8ECA-62EED8629889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:10:*:*:enterprise:*:*:*",
"matchCriteriaId": "032171DB-4D2A-4691-95E2-DC5791DE1F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:11:*:*:enterprise:*:*:*",
"matchCriteriaId": "92852E25-5EE1-477F-BAB9-735DA676F950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:12:*:*:enterprise:*:*:*",
"matchCriteriaId": "86BD817A-3BED-46A1-A047-6531D495F05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:13:*:*:enterprise:*:*:*",
"matchCriteriaId": "AC6A6285-12CC-4591-B722-AA5943915696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:15:*:*:enterprise:*:*:*",
"matchCriteriaId": "0B487089-A678-4306-AF75-DBC792A23BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:16:*:*:enterprise:*:*:*",
"matchCriteriaId": "45FEBF98-DE0E-4F78-B9A4-7BCB9F4202C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:17:*:*:enterprise:*:*:*",
"matchCriteriaId": "26D5DFE0-ED60-448B-92C7-4A06611755AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:18:*:*:enterprise:*:*:*",
"matchCriteriaId": "296CC9ED-9AF2-41AE-93CF-4B8C94CE7743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:19:*:*:enterprise:*:*:*",
"matchCriteriaId": "0178061A-1909-4E39-BF20-3BFD9E8BF22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:2:*:*:enterprise:*:*:*",
"matchCriteriaId": "444A75C4-8331-46B3-A056-C4944DF3D792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:20:*:*:enterprise:*:*:*",
"matchCriteriaId": "EAF2CFD3-63EB-4DBC-B7A0-BA8858F51F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:21:*:*:enterprise:*:*:*",
"matchCriteriaId": "4CAEE8A8-337B-406B-9AF0-2538D54F1514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:22:*:*:enterprise:*:*:*",
"matchCriteriaId": "E5CBCA34-6BC1-4069-A12D-78DCA5F06BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:3:*:*:enterprise:*:*:*",
"matchCriteriaId": "43BA9F49-85B3-47BD-ABA5-08A234EEDFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:4:*:*:enterprise:*:*:*",
"matchCriteriaId": "FBE59DD2-4AD2-4FC9-B5B0-2DD2E4DA219E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:5:*:*:enterprise:*:*:*",
"matchCriteriaId": "D613D8B1-3608-40B5-ACDA-D0EC0B152F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:6:*:*:enterprise:*:*:*",
"matchCriteriaId": "1B9A48AB-A032-4911-928F-6D86B86FB847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:7:*:*:enterprise:*:*:*",
"matchCriteriaId": "3A86A73A-CAEC-483A-8C42-D1EC88B1A848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:8:*:*:enterprise:*:*:*",
"matchCriteriaId": "8CB75426-B766-48EC-A681-A82747737276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:9:*:*:enterprise:*:*:*",
"matchCriteriaId": "42195FEA-1D74-42B2-9212-DF162E0470AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1:1:*:*:enterprise:*:*:*",
"matchCriteriaId": "53935883-E828-40A7-83F4-7218542A401C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1:2:*:*:enterprise:*:*:*",
"matchCriteriaId": "FB720999-4540-487B-9133-32C85026836B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1:3:*:*:enterprise:*:*:*",
"matchCriteriaId": "CBEA8855-C9FE-4301-ADAF-993874DDF7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1:4:*:*:enterprise:*:*:*",
"matchCriteriaId": "353070E6-89AD-40C4-9A45-AF993DE52BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1:5:*:*:enterprise:*:*:*",
"matchCriteriaId": "D4541E93-762A-40DF-B596-A5F359049C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1:6:*:*:enterprise:*:*:*",
"matchCriteriaId": "987118D7-6803-4E11-A184-34FC82E9AF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1:7:*:*:enterprise:*:*:*",
"matchCriteriaId": "97EFE5E1-6623-44A6-8AA7-A7E30955B513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1:8:*:*:enterprise:*:*:*",
"matchCriteriaId": "BF61D0BA-5F95-4E92-8D81-5BE5FA59FF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1:9:*:*:enterprise:*:*:*",
"matchCriteriaId": "DD629561-32BD-4C9D-A38B-063554DCA827",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*",
"matchCriteriaId": "82A26E20-E07A-4229-907C-2FAF03AD50A3",
"versionEndExcluding": "18.09.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret."
},
{
"lang": "es",
"value": "En Docker CE y EE antes de 18.09.8 (as\u00ed como en Docker EE antes de 17.06.2-ee-23 y 18.x antes de 18.03.1-ee-10), Docker Engine en modo de depuraci\u00f3n a veces puede agregar secretos al registro de depuraci\u00f3n. . Esto se aplica a un escenario en el que la implementaci\u00f3n de la pila de la ventana acoplable se ejecuta para volver a implementar una pila que incluye secretos (no externos). Potencialmente se aplica a otros usuarios de API de la API de pila si reenv\u00edan el secreto."
}
],
"id": "CVE-2019-13509",
"lastModified": "2024-11-21T04:25:02.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-18T16:15:11.953",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109253"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.docker.com/engine/release-notes/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/Sep/21"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2019/dsa-4521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.docker.com/engine/release-notes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Sep/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2019/dsa-4521"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-J249-GHV5-7MXV
Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2023-08-15 20:17

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/docker/docker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.09.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-13509"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-15T20:17:38Z",
"nvd_published_at": "2019-07-18T16:15:00Z",
"severity": "HIGH"
},
"details": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.",
"id": "GHSA-j249-ghv5-7mxv",
"modified": "2023-08-15T20:17:38Z",
"published": "2022-05-24T16:50:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13509"
},
{
"type": "WEB",
"url": "https://docs.docker.com/engine/release-notes/18.09"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Secret insertion into debug log in Docker"
}
GSD-2019-13509
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2019-13509",
"description": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.",
"id": "GSD-2019-13509",
"references": [
"https://www.suse.com/security/cve/CVE-2019-13509.html",
"https://www.debian.org/security/2019/dsa-4521",
"https://alas.aws.amazon.com/cve/html/CVE-2019-13509.html",
"https://linux.oracle.com/cve/CVE-2019-13509.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-13509"
],
"details": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.",
"id": "GSD-2019-13509",
"modified": "2023-12-13T01:23:41.240979Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.docker.com/engine/release-notes/",
"refsource": "MISC",
"url": "https://docs.docker.com/engine/release-notes/"
},
{
"name": "109253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109253"
},
{
"name": "FEDORA-2019-5b54793a4a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"
},
{
"name": "FEDORA-2019-4bed83e978",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190828-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
},
{
"name": "openSUSE-SU-2019:2021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"name": "DSA-4521",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4521"
},
{
"name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/21"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003cv18.09.8",
"affected_versions": "All versions before 18.09.8",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-532",
"CWE-937"
],
"date": "2023-08-15",
"description": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.",
"fixed_versions": [
"v18.09.8"
],
"identifier": "CVE-2019-13509",
"identifiers": [
"GHSA-j249-ghv5-7mxv",
"CVE-2019-13509"
],
"not_impacted": "All versions starting from 18.09.8",
"package_slug": "go/github.com/docker/docker",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 18.09.8 or above.",
"title": "Insertion of Sensitive Information into Log File",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-13509",
"https://docs.docker.com/engine/release-notes/18.09/",
"https://github.com/advisories/GHSA-j249-ghv5-7mxv"
],
"uuid": "f649d36d-67bf-40e6-b0f4-701177d03761",
"versions": [
{
"commit": {
"sha": "bd28d1c01f2013be856f12165dfa149734bc9beb",
"tags": [
"v18.09.8"
],
"timestamp": "20190717160951"
},
"number": "v18.09.8"
}
]
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.03.2:6:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.03.2:4:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.03.2:2:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:10:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:12:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:2:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:21:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:8:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1:1:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1:6:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1:8:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:15:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:16:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:17:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:18:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1:2:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1:3:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1:4:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1:5:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.03.2:1:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.03.2:7:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.03.2:8:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:1:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:22:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:3:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:4:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:5:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:6:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.09.8",
"versionStartIncluding": "18.09.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.03.2:5:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.03.2:3:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:11:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:13:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:19:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:20:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:7:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2:9:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1:7:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1:9:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.09.8",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13509"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.docker.com/engine/release-notes/",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.docker.com/engine/release-notes/"
},
{
"name": "109253",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109253"
},
{
"name": "FEDORA-2019-5b54793a4a",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"
},
{
"name": "FEDORA-2019-4bed83e978",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190828-0003/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
},
{
"name": "openSUSE-SU-2019:2021",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"name": "DSA-4521",
"refsource": "DEBIAN",
"tags": [],
"url": "https://www.debian.org/security/2019/dsa-4521"
},
{
"name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
"refsource": "BUGTRAQ",
"tags": [],
"url": "https://seclists.org/bugtraq/2019/Sep/21"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-08-27T17:15Z",
"publishedDate": "2019-07-18T16:15Z"
}
}
}
MSRC_CVE-2019-13509
Vulnerability from csaf_microsoft - Published: 2019-07-02 00:00 - Updated: 2021-07-16 00:00

| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2019/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2019/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2019-13509 In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10) Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-13509.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10) Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.",
"tracking": {
"current_release_date": "2021-07-16T00:00:00.000Z",
"generator": {
"date": "2025-12-27T21:32:38.124Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2019-13509",
"initial_release_date": "2019-07-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-07-16T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 moby-buildx 0.4.1+azure-3",
"product": {
"name": "\u003ccm1 moby-buildx 0.4.1+azure-3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 moby-buildx 0.4.1+azure-3",
"product": {
"name": "cm1 moby-buildx 0.4.1+azure-3",
"product_id": "16833"
}
}
],
"category": "product_name",
"name": "moby-buildx"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 moby-buildx 0.4.1+azure-3 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 moby-buildx 0.4.1+azure-3 as a component of CBL Mariner 1.0",
"product_id": "16833-16820"
},
"product_reference": "16833",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13509",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16833-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-13509 In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10) Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-13509.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-16T00:00:00.000Z",
"details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10) Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret."
}
]
}
OPENSUSE-SU-2019:2021-1
Vulnerability from csaf_opensuse - Published: 2019-08-29 16:21 - Updated: 2019-08-29 16:21

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1100331 | self |
| https://bugzilla.suse.com/1121967 | self |
| https://bugzilla.suse.com/1138920 | self |
| https://bugzilla.suse.com/1139649 | self |
| https://bugzilla.suse.com/1142160 | self |
| https://bugzilla.suse.com/1142413 | self |
| https://bugzilla.suse.com/1143409 | self |
| https://www.suse.com/security/cve/CVE-2018-10892/ | self |
| https://www.suse.com/security/cve/CVE-2019-13509/ | self |
| https://www.suse.com/security/cve/CVE-2019-14271/ | self |
| https://www.suse.com/security/cve/CVE-2019-5736/ | self |
| https://www.suse.com/security/cve/CVE-2018-10892 | external |
| https://bugzilla.suse.com/1100331 | external |
| https://bugzilla.suse.com/1100838 | external |
| https://www.suse.com/security/cve/CVE-2019-13509 | external |
| https://bugzilla.suse.com/1142160 | external |
| https://www.suse.com/security/cve/CVE-2019-14271 | external |
| https://bugzilla.suse.com/1143409 | external |
| https://www.suse.com/security/cve/CVE-2019-5736 | external |
| https://bugzilla.suse.com/1121967 | external |
| https://bugzilla.suse.com/1122185 | external |
| https://bugzilla.suse.com/1173421 | external |
| https://bugzilla.suse.com/1218894 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:\n\nDocker:\n\n- CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409).\n- CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160).\n- Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649).\n\nrunc:\n\n- Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920).\n- Update to runc 425e105d5a03, which is required by Docker (bsc#1139649).\n\ncontainerd:\n\n- CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967).\n- Update to containerd v1.2.6, which is required by docker (bsc#1139649).\n\ngolang-github-docker-libnetwork:\n\n- Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2021",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2021-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2021-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK/#22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2021-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK/#22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK"
},
{
"category": "self",
"summary": "SUSE Bug 1100331",
"url": "https://bugzilla.suse.com/1100331"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1138920",
"url": "https://bugzilla.suse.com/1138920"
},
{
"category": "self",
"summary": "SUSE Bug 1139649",
"url": "https://bugzilla.suse.com/1139649"
},
{
"category": "self",
"summary": "SUSE Bug 1142160",
"url": "https://bugzilla.suse.com/1142160"
},
{
"category": "self",
"summary": "SUSE Bug 1142413",
"url": "https://bugzilla.suse.com/1142413"
},
{
"category": "self",
"summary": "SUSE Bug 1143409",
"url": "https://bugzilla.suse.com/1143409"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10892 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13509 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14271 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork",
"tracking": {
"current_release_date": "2019-08-29T16:21:56Z",
"generator": {
"date": "2019-08-29T16:21:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2021-1",
"initial_release_date": "2019-08-29T16:21:56Z",
"revision_history": [
{
"date": "2019-08-29T16:21:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"product": {
"name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"product_id": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"product": {
"name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"product_id": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.6-lp151.2.6.1.x86_64",
"product": {
"name": "containerd-1.2.6-lp151.2.6.1.x86_64",
"product_id": "containerd-1.2.6-lp151.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"product": {
"name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"product_id": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
"product": {
"name": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
"product_id": "docker-19.03.1_ce-lp151.2.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"product_id": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"product": {
"name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"product_id": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64"
},
"product_reference": "containerd-1.2.6-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64"
},
"product_reference": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64"
},
"product_reference": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch"
},
"product_reference": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64"
},
"product_reference": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch"
},
"product_reference": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
},
"product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64"
},
"product_reference": "containerd-1.2.6-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64"
},
"product_reference": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64"
},
"product_reference": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch"
},
"product_reference": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64"
},
"product_reference": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch"
},
"product_reference": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
},
"product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10892"
}
],
"notes": [
{
"category": "general",
"text": "The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host\u0027s hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10892",
"url": "https://www.suse.com/security/cve/CVE-2018-10892"
},
{
"category": "external",
"summary": "SUSE Bug 1100331 for CVE-2018-10892",
"url": "https://bugzilla.suse.com/1100331"
},
{
"category": "external",
"summary": "SUSE Bug 1100838 for CVE-2018-10892",
"url": "https://bugzilla.suse.com/1100838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:21:56Z",
"details": "moderate"
}
],
"title": "CVE-2018-10892"
},
{
"cve": "CVE-2019-13509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13509"
}
],
"notes": [
{
"category": "general",
"text": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13509",
"url": "https://www.suse.com/security/cve/CVE-2019-13509"
},
{
"category": "external",
"summary": "SUSE Bug 1142160 for CVE-2019-13509",
"url": "https://bugzilla.suse.com/1142160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:21:56Z",
"details": "moderate"
}
],
"title": "CVE-2019-13509"
},
{
"cve": "CVE-2019-14271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14271"
}
],
"notes": [
{
"category": "general",
"text": "In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14271",
"url": "https://www.suse.com/security/cve/CVE-2019-14271"
},
{
"category": "external",
"summary": "SUSE Bug 1143409 for CVE-2019-14271",
"url": "https://bugzilla.suse.com/1143409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:21:56Z",
"details": "important"
}
],
"title": "CVE-2019-14271"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:21:56Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.